Small and Medium Organizations: Secure Portable Media
Portable media (e.g. portable hard drives, USB flash drives, memory cards) provide users with the flexibility to easily move data between devices or locations. But such benefit can quickly turn into a nightmare when portable media are lost, stolen or compromised by malware.
What are the risks associated with using portable media?
Losing or misplacing portable media that contains your organization’s data can result in the loss of sensitive information, such as intellectual property, private business information, and personal information about clients, customers, and employees. You should encrypt information that is stored on portable media. While encryption will not help recover lost devices, it will prevent the exposure of sensitive information to unauthorized individuals.
Portable media can unknowingly spread malware between devices. For example, if an employee receives a free USB flash drive at an event or conference, the device should not be used until it is assessed. Free devices may contain malware that could infect your networks and systems. Your organization should establish a clear policy on which devices can be used and for what purpose. Your policy should include information on how users can scan and clean devices before they are used or thrown out.
Recommendations for your organization:
- Develop a policy for all portable media
- Encrypt information that is stored on portable media
- Establish a process for wiping all portable media prior to repurposing or throwing them out